CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48740 – selinux: fix double free of cond_list on error paths
https://notcve.org/view.php?id=CVE-2022-48740
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy() gets called a second time in caller functions, resulting in NULL pointer deref. Fix this by resetting the cond_list_len to 0 in cond_list_destroy(), making subsequent calls a noop. Also consistently reset the cond_list pointer to NULL after freeing. [PM: fix line lengths in the description] In t... • https://git.kernel.org/stable/c/f446089a268c8fc6908488e991d28a9b936293db •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48738 – ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
https://notcve.org/view.php?id=CVE-2022-48738
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() We don't currently validate that the values being set are within the range we advertised to userspace as being valid, do so and reject any values that are out of range. In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() We don't currently validate that the values being set are within the range we adver... • https://git.kernel.org/stable/c/40f598698129b5ceaf31012f9501b775c7b6e57d • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48734 – btrfs: fix deadlock between quota disable and qgroup rescan worker
https://notcve.org/view.php?id=CVE-2022-48734
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between quota disable and qgroup rescan worker Quota disable ioctl starts a transaction before waiting for the qgroup rescan worker completes. However, this wait can be infinite and results in deadlock because of circular dependency among the quota disable ioctl, the qgroup rescan worker and the other task with transaction such as block group relocation task. The deadlock happens with the steps following: 1) Task A calls... • https://git.kernel.org/stable/c/26b3901d20bf9da2c6a00cb1fb48932166f80a45 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48733 – btrfs: fix use-after-free after failure to create a snapshot
https://notcve.org/view.php?id=CVE-2022-48733
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots. After that we call btrfs_commit_transaction(), and if that returns an error we jump to 'fail' label, where we kfree() the pending snapshot structure. This can result in a later use-after-free of the pending snapshot: 1) We allocated the pending ... • https://git.kernel.org/stable/c/7e4c72dbaf62f8978af8321a24dbd35566d3a78a •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48731 – mm/kmemleak: avoid scanning potential huge holes
https://notcve.org/view.php?id=CVE-2022-48731
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid scanning potential huge holes When using devm_request_free_mem_region() and devm_memremap_pages() to add ZONE_DEVICE memory, if requested free mem region's end pfn were huge(e.g., 0x400000000), the node_end_pfn() will be also huge (see move_pfn_range_to_zone()). Thus it creates a huge hole between node_start_pfn() and node_end_pfn(). We found on some AMD APUs, amdkfd requested such a free mem region and created a huge hol... • https://git.kernel.org/stable/c/d3533ee20e9a0e2e8f60384da7450d43d1c63d1a •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48712 – ext4: fix error handling in ext4_fc_record_modified_inode()
https://notcve.org/view.php?id=CVE-2022-48712
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix error handling in ext4_fc_record_modified_inode() Current code does not fully takes care of krealloc() error case, which could lead to silent memory corruption or a kernel bug. This patch fixes that. Also it cleans up some duplicated error handling logic from various functions in fast_commit.c file. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ext4: corrige el manejo de errores en ext4_fc_record_modified_inode()... • https://git.kernel.org/stable/c/62e46e0ffc02daa8fcfc02f7a932cc8a19601b19 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47620 – Bluetooth: refactor malicious adv data check
https://notcve.org/view.php?id=CVE-2021-47620
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at the end of while num_reports loop, and would fill journal with false positives. Added check to beginning of loop processing so that it doesn't get checked after ptr has been advanced. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: refactorización de verificación de datos publicitarios maliciosos. Se estaba realizando u... • https://git.kernel.org/stable/c/305e92f525450f3e1b5f5c9dc7eadb152d66a082 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47618 – ARM: 9170/1: fix panic when kasan and kprobe are enabled
https://notcve.org/view.php?id=CVE-2021-47618
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing instruction simulation, it is necessary to construct assembly function execution environment in C language through binding registers. after kasan is enabled, the register binding relationship will be destroyed, resulting... • https://git.kernel.org/stable/c/35aa1df4328340f38edc46f00837f08d33d49f63 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38619 – usb-storage: alauda: Check whether the media is initialized
https://notcve.org/view.php?id=CVE-2024-38619
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba(). - Add a member "media_initialized" to struct alauda_info. - Change a condition in alauda_check_media() to ensure the first initialization. - Add an error check for the return value of alauda_init_media(). En el kern... • https://git.kernel.org/stable/c/e80b0fade09ef1ee67b0898d480d4c588f124d5f • CWE-457: Use of Uninitialized Variable •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47612 – nfc: fix segfault in nfc_genl_dump_devices_done
https://notcve.org/view.php?id=CVE-2021-47612
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: fix segfault in nfc_genl_dump_devices_done When kmalloc in nfc_genl_dump_devices() fails then nfc_genl_dump_devices_done() segfaults as below KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014 Workqueue: events netlink_sock_destruct_work RIP: 0010:k... • https://git.kernel.org/stable/c/ea55b3797878752aa076b118afb727dcf79cac34 •